Re: Limit number of login attempts on Windows server 2003 - where to set this up?

From: Stuart Mackie [MCP, MSP] (newsgroups_at_--REMOVE_THIS-NO_SPAM--stu.uk.com)
Date: 12/13/04


Date: Mon, 13 Dec 2004 23:24:25 -0000

Hi David. The Domain Security Policy applies to all computers in the
domain, and the Domain Controller Security Policy only applies to Domain
Controllers within your domain. The Domain Controller Security Policy takes
precedence over the Domain Security Policy. Therefore if you want to adjust
the policy on your Domain Controllers without affecting the workstations on
your network you would use the Domain Controller Security Policy. Whereas
if you wanted to make a change that affected all systems on your network you
would use the Domain Security Policy etc.

To adjust account lockout open your Domain Security Policy and navigate to
the folder below:

Computer Configuration
    Windows Settings
        Security Settings
            Account Policies
                Account Lockout Policy

There will be three options listed to allow you to adjust lockout policy.

Unfortunately there can be disadvantages to applying a lockout policy. If
your server is online and serving any websites or providing external services
where account lockouts can apply, it is possible for DoS attacks to take
place against user accounts as well as IIS accounts since these all come
under the same policy.

-- 
Hth,
Stuart Mackie [MCP, MSP]
www.stu.uk.com
"David Jensen" <djnews1@xxhealthcare.com> wrote in message 
news:PSovd.2858$2J2.746@newsread2.news.atl.earthlink.net...
> I'm setting up a single server at our small office with Win 2003 server. 
> I want to limit the number of login attempts that a user can make before 
> being locked out.  The server is acting as the one and only DC, in 
> addition to being a Terminal Server, and File server.
>
> I find that I have the option to set up the security settings in either 
> the Domain Controller Security Policy or the Domain Security Policy (and 
> then navigating to Security Settings/Account Policies/Account Lockout 
> Policy).
>
> Can someone please explain to me why the two options and what scenarios 
> would determine where I should set it up (the Domain Controller Security 
> Policy or the Domain Security Policy)?  I would very much appreciate it if 
> someone could help me understand the thought process of which one to use 
> (or both, I guess), not just in this scenario but in other circumstances 
> and scenarios.  In this case, my needs are to limit the login attempts 
> from a client PC trying to log into the server and/or limiting the login 
> attempts via Terminal services.
>
>
> Thanks in advance
> -- 
> David Jensen
> Replace the xx in my E-mail address with "Team" for my real E-mail address
>
> 
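
An added example, not part of either post: a Python check of the three Account Lockout Policy values as they appear in a `secedit /export /cfg` template, flagging settings that make the lockout denial-of-service concern raised in the reply worse. The sample template is constructed and the `min_threshold` floor of 5 is an assumption, not a value from the thread.

```python
# Key names as written by `secedit /export /cfg` in the [System Access] section.
KEYS = ("LockoutBadCount", "ResetLockoutCount", "LockoutDuration")

# Constructed sample export (real exports are UTF-16; decode before parsing).
SAMPLE_INF = """[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 7
LockoutBadCount = 3
ResetLockoutCount = 30
LockoutDuration = -1
[Version]
signature="$CHICAGO$"
"""

def parse_lockout(inf_text):
    """Return the three lockout settings as ints, or None where undefined."""
    section, found = None, {}
    for line in inf_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "System Access" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key in KEYS:
                found[key] = int(value)
    return {key: found.get(key) for key in KEYS}

def audit_lockout(settings, min_threshold=5):
    """List findings; min_threshold is an assumed floor, tune it per site."""
    bad = settings["LockoutBadCount"]
    reset = settings["ResetLockoutCount"]
    duration = settings["LockoutDuration"]
    if not bad:  # 0 or undefined: accounts are never locked out
        return ["lockout disabled: login attempts are unlimited"]
    findings = []
    if bad < min_threshold:
        findings.append(f"threshold {bad} is low: outsiders can lock accounts easily")
    if duration == -1:  # -1 in the template: locked until an administrator unlocks
        findings.append("no automatic unlock: locked accounts need an administrator")
    elif None not in (reset, duration) and reset > duration:
        findings.append("reset counter is longer than the lockout duration")
    return findings

if __name__ == "__main__":
    for finding in audit_lockout(parse_lockout(SAMPLE_INF)):
        print("WARN:", finding)
```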

